
Fictional spying through someone's phone
November 18, 2012 12:10 PM

Fiction-research-filter: Spying on someone through their phone.

Let's say that a person wanted to spy on someone using their phone, and that for some period of time they had full access to that phone. Would it be possible to:

(1) Write and then install an app that could be controlled remotely to silently activate the camera and microphone at certain times (and is there a difference between say Android and iOS here?)

(2) Collect the image, video and audio data on a server somewhere so that it could be analysed later. How would you set up a server so that you could access the data stored there, but the server itself could not be traced back to you? I am particularly vague on this point.

Any other angles I'm not thinking of also welcome. My aim is to understand enough of this stuff to sound convincing, so links to relevant information welcome (as long as they're safe to view!).
posted by StephenF to Computers & Internet (7 answers total) 5 users marked this as a favorite

1) On normal iOS, you can't remotely activate software like that. App Store apps are very constrained in what they can do - the user opens one, uses it, and closes it. The built-in microphone app has special permission to stay alive "in the background" recording sound, but it includes a visible banner, and it can't be activated remotely. VOIP apps and geolocation apps with special permission from Apple (think Skype and Google Latitude) can quietly run in the background indefinitely, but they can't activate cameras or microphones.

So if you want to spy on someone on iOS via remotely-activated camera and microphone, you have to exploit the software on the device. If your spy has very advanced technical skills (equivalent to a professional security researcher with years of experience studying iOS), she/he may be able to write a program that "jailbreaks" the device (removes Apple's restrictions), installs a secret background program, hides itself, and can be remotely activated by your spy. If the target happens to restore the phone or update it to a new iOS version, the secret program would be overwritten.

If your spy has moderately advanced technical skills, she/he may be able to repurpose one of the publicly-available free jailbreaks that people publish for benign purposes (allowing others to install customizations on their own devices). The limitation here is that these jailbreaks aren't available for all devices and iOS versions. But if your target has an iPhone 4, it can be jailbroken quickly and easily on any iOS version. Then your spy has the option of installing a commercial product that includes remote spying or installing custom software. Again, if the target happens to restore the phone or update it to a new iOS version, the spying program would be overwritten.

If you want to learn more about publicly-available jailbreaks, you can check out the Wikipedia article, the blog of the main jailbreak developers, and this jailbreaking FAQ that I maintain (my job is to help with support and user experience for the benign, creative side of jailbreaking).

I believe all of the currently-available commercial spy products for jailbroken iOS devices only record/transmit data that is already on the phone - GPS movements, text messages, keypresses, etc. - I don't know of any that can remotely record sound or video. But you could pretend that one is available, or you could have your spy write a custom piece of software that does this. Here are a few of the existing products: InnovaSpy, Tracesaver, iKeyGuard, and Mobile Spy. Some of them also have equivalent products for Android, but I don't know much about how these things work on Android.

2) I showed a friend this question, and he said "You find some crappy website online somewhere that is insecure and hack their server." He went on to explain that an even better method is to install a program on that server that connects to a popular IRC network that doesn't record chat logs (such as Efnet) and can be controlled by your spy sending commands to it over that IRC network. (Your spy connects to IRC via a different hacked server, by the way.) This means any person trying to trace the sneaky behavior has to wrangle with multiple layers of misdirection.
posted by dreamyshade at 1:18 PM on November 18, 2012 [1 favorite]

I was researching a similar thing. The specifics of Android vs. iOS and bypassing the OS's restrictions on installing apps strike me as less important if you're writing fiction rather than a How-To.

No matter what they do to the OS, the one immutable sign that your phone is spying on you is that it suddenly starts losing its charge faster than it used to. But so many people are willing to assume it's a problem with the battery. :)

Someone willing and able to hack your phone to spy on you could have done the same to the server where this data is stored. If you want to get cute, it could be a tumblr where the audio data is encoded inside of animated .GIFs of cats or something. Thousands of people might be viewing this site, and you'd have no way to know one person wasn't just there for the cats.
posted by RobotHero at 1:37 PM on November 18, 2012 [1 favorite]

Thanks guys! dreamyshade, the time that answer took is much appreciated.
posted by StephenF at 1:46 PM on November 18, 2012

If you want to take the animated GIF route, the keyword to look up is steganography. :)
posted by dreamyshade at 2:20 PM on November 18, 2012

Without jailbreaking...if you figure out the credentials to their iCloud account, you could simply track their movements via "Find my iPhone."

In a fictional sense, you could devise a drive-by jailbreaking by having the recipient open a corrupt e-mail or visit a compromised webpage (much like how PCs get infected with malware currently). This is perfectly plausible and used to actually be a vulnerability with early iPhones (e.g. it took a corrupted image to overrun memory and have the iPhone execute unauthorized code).

Just don't be surprised if life imitates's a matter of time before new vulnerabilities are discovered and exploited on mobile devices.
posted by samsara at 2:29 PM on November 18, 2012

For part 2, your options are essentially, a) hack a poorly secured server, b) pay for a server with a stolen credit card/Paypal account, c) buy a prepaid credit card with cash and pay for the server with that, d) use Bitcoins to pay for the server. A and B are the most common for spammers and are reasonably easy to execute, but have serious legal/moral problems. C is the easiest option, but its anonymity is all dependent upon the card not being tracked back to them (i.e. video recording of the card's purchase). D is the most feasible way to legally and completely anonymously do it, but also the most complex. It requires the Bitcoins to be mined (or obtained anonymously from selling something that also can not be traced back) which is slow and it also requires finding a host that will let you pay in them. Another option would be to ditch the anonymity of the server and just let the files get lost in the noise of a busy site. The files could be uploaded to any busy site that takes user submissions and they would probably be ignored if they look boring or are otherwise disguised with steganography. Similarly as long as the user was careful to access the service from open wifi connections or with TOR, the files could be uploaded to something like Google Drive or Dropbox and it would be hard to trace back to the person.
posted by cspurrier at 8:54 PM on November 18, 2012

Depends on whether it is an individual or a law enforcement group attempting to garner access to voice/camera. The FBI have used this "roving bug" facility for a number of years now. Bruce Schneier posted about the legal ramifications shortly after the District Court decision in 2006.
posted by longbaugh at 4:01 AM on January 3, 2013
